How can MIT draw lessons for its hacker culture from this experience?

24 Comments

I think the phrase "all Tech men carry batteries" sums it up. In the short term, it is risky to defend hacker culture. But in the long term, it is much riskier not to. If you are speaking publicly on behalf of the Institute, don't disrespect its constituents.

As top administrators, you are called upon to play the roles of Dumbledore and McGonagall at MIT's Hogwarts. Leave it to the Snapes and Filches to hand out detentions and deduct house points. When it hits your desk, make the young ones' welfare your first priority.

The downfall of Hogwarts began when High Inquisitor Umbridge showed up from the Ministry of Magic and gradually took over the school. I'm not saying things are that bad -- yet -- but the distinct lack of strong Dumbledores is worrisome. The power of educational institutions relative to other institutions is often maintained primarily by courage and righteousness.

Hacker culture needs lessons in civil disobedience. I'm not informed about the legal systems governing middle earth or Hogwarts (I think the model is mostly medieval), but in this country bad laws change because courageous individuals pay the price to violate them, and draw the righteous to their cause by the sheer disparity between the crime and its absurd punishment. We have a responsibility to teach the precedent for civil disobedience and to help our students understand the power of effective cultural critique -- our beloved hacker culture will and does learn from this.

That is, if they are actually our students and not people hanging around without being enrolled. That situation is a lot harder for us educators to address.

What civil disobedience? No laws have changed and nothing has been done. MIT has not changed any policy and denies any wrongdoing.

Aaron Swartz was martyred for his cause, and MIT just gave itself a free pass. As an alum, I am shocked at the response: you aided and abetted the murder of this young man.

Stopping such aiding and abetting, in the future, is the main lesson I would draw for MIT. I suspect campus administrators should be learning from their hacker culture, rather than vice versa, or what I value about MIT will cease to exist.

What a fantastic waste of resources! A self absorbed, deranged individual gets himself in fairly minor trouble, kills himself, and MIT feels it has to turn itself inside out to review the case? A great report, which I tried hard to read through, but ultimately only of value for its questions. If the perpetrator had not killed himself, would there have been a report? I doubt it! Sure we have bad laws and civil disobedience can be admirable, but we still have laws and I don't want MIT resources spent in deciding which are fair or which crimes should be prosecuted. Schwartz was devious, dishonest, and cowardly. Then he and his supporters (Don't even mention his paid advocates, who deserve NO attention at all.) invoke every imaginable trick to gain sympathy and let him slide. I DO NOT want MIT's network to be open. I want users to be responsible and abide by its rules. If someone wants to establish open archives of scholarly work, go to it. Sure, the print journal system is archaic and needs serious revision, but that's not an excuse for criminal behavior. I considered myself a bit of a hacker, 50 years ago, but I never deluded myself that crimes were not crimes! Any suicide is a tragedy and I offer condolences to Aaron's family, but suicides will happen (cyanide in my dorm), so let's think about the reports eight questions and let Aaron rest in whatever peace he has found.

MIT needs to transform hacker culture by focussing these energies on computer security courses, practicals, and competitions that prepare students for the many jobs currently filled by "reformed" criminal hackers. There are many subfields that would appeal constructively to the hacker mentality, including cryptographic security, cryptographic computing, asset protection, infrastructure protection, and related fields for which there are ongoing needs fir government, business, and academic professionals. There are many "safe" teaching tools, such as sandboxed computers, simulated exercises, and others. There are many opportunities for cooperative courses and summer internships in industry. There is the possibility of creating an ROTC-like model extending to civilian government agencies, perhaps even with tuition subsidies for the most talented in exchange for employment committment.

MIT goes to great lengths to document how "neutral" it was prior to Aaron Swartz suicide. It was passive in the face of unfair disproportionate prosecution.

MIT did not exhibit leadership. It has a long history of dealing with youth and youthful excesses. It applied that deep knowledge by just going along with the prosecutors.

The MIT I chose to attend "winked" at assembling an auto on the great dome or disrupting a Harvard football game with an inflated balloon emerging from under the field. These are crimes to the extent they damage property and carry penalties scaled to the damage done.

Swartz's penalties were massive over reach. MIT was an involved party. Rather than criticize or object, MIT condoned the over reach by its neutrality.

So, what should MIT do now? I think the first order of business is exit the state of denial. Stop pounding the "MIT did nothing wrong" drum and just admit "MIT did nothing right". Say that if you had it to do it over, you wished that you had spoken up. Own up to your mistake. You can't change the situation now.

The "hacker culture" is the notion of relatively unbridled play in the process of learning. Do not pretend to be surprised to see young people playing frisbee where the law has posted a sign saying "Stay off the Grass." Do not support laws that conflict with MIT's goals of free exercise of intellectual learning -- rather work to get those laws changed to better support ALL of society's need for more intellectual freedom and learning. MIT needs to acknowledge that suicide is not a very rare occurrence within the greater MIT community, and ought to be taking a harder look at MIT's role in this, and why MIT isn't in practice more supportive. When someone dies MIT as a learning institution has greatly failed. As an alum I was greatly surprise at this MIT report, and how MIT continues to view this issue from their own corporate-insider's point of view, unable to get outside of their own shell to take a broader look at what happened, and what continues to happen, and what MIT's role in all this should be. I suggest MIT should continually ask itself: "How do we increase intellectual learning? How do we increase intellectual freedom? How do we increase intellectual safety? And what is getting in the way of this, both within MIT and within the national body of law, that we ought to be working to change?"

I agree with Dennis R. I was watching a documentary on Dick Cheney and do you know what he said? If he had to do it all over again, he would have done it all "exactly the same way." Pathetic.

MIT should at least acknowledge what it could have done differently, given the tragic outcome. But it was obviously terrified of litigation. So I fear we have a bunch of lawyers running the show. That's really not true leadership.

I trade on the MIT name, but I doubt the Insitution is much proud of me. Aaron was different. I used his code on one of my servers for almost a year. It was great code. There was going to be more where that came from. I simply wish that MIT had recognized what made it great -- people like Aaron. And acknowledge the missed opportunity to support and defend him -- not out of loyalty -- but to claim Aaron's prodigy in the name of MIT.

MIT needs to stop thinking in terms of interests and start thinking in terms of values.

Hacker culture isn't really about breaking rules - it's about independent thought and free expression, and allowing others to do the same. Unjust laws can only be changed when people break them or, at least, talk about breaking them. MIT should examine laws it chooses to enforce and ask if helping prosecutors is in line with what its students, alumni, and faculty would say is fair and right.

Distrust of authority is at the very foundation of the scientific method, and MIT does itself and the world a disservice by trusting legal authority so blindly.

I really hope there's a typo in this question, because the MIT Administration has a lot more learning from Hacker culture than the other way around. To suggest otherwise in light of the Swartz incident is a pretty impressive bit of dissonance.

If the Administration thinks it somehow controls or influences the core values of hacker culture, or if it thinks that, it has another thing coming. That culture is centered around a profound distrust of authority. It's about what's doing what's right, not what's easy in the face of adversity when needed. It's about learning to laugh off little injuries and take care never to inflict the big ones. About being safe without being usual, and having the courage, strength and intelligence to know when to stop and learn before proceeding.

Had the administration displayed these qualities, I firmly believe that Swartz would still be with us, even if the case against him had proceeded. Had you had the courage to stand with him, on the principals of shared values, to stand against an prosecutor pushing for unjust punishment, the administration might have found it had the strength and maturity to support Swartz while accepting and admitting that, yes, he did something illegal, and yes, it was maybe even wrong. Had that happened we could have been better for it, and a strong champion for the reform of a overly broad law used selectively to intimidate into something that can *justly* judge and, if needed, punish offenders like Swartz.

It is never enough at MIT to be "neutral". We would not be the research institution we are today if our faculty was "neutral" about advances in their field. We would not be the sought after school for both undergraduates and graduates that we are if it was OK to be "neutral" in academics here. Hacking, and all the cultural elements that come along with it spring from a deep rejection of the idea that neutrality and conformity are acceptable.

The administration would to well to remember that it is not exempt from the standard of quality of work and purpose apparent in the rest of the Institute. It would also do well to understand how those elements give rise to Hacking culture, and to exhibit a bit more itself.

I second woursler. There's no typo, but the report makes more sense in the description of this question. Something like: Why do MIT’s actions so frequently contradict its culture?
MIT, the corporation, has a formal obligation to fulfill the wishes of its stakeholders (its students, alumni, and faculty). But it is becoming laughably obvious that the administration (the board and the committees) either has no idea what these wishes are or ignores them. Worse still, the stakeholders often have no idea what the administration is doing or why until it is too late.

The CJAC is supposed to be the community’s voice to the board. The problem is that it’s a tiny voice and it’s not always saying the right things. MIT should expand the CJAC significantly and modify its relationship to the board, or create a new committee altogether. Instead of having issues delegated to it by the board, the CJAC should be given the authority to bring issues of importance to any corporation committee. It should further be responsible for providing the board with an annual report of student/alumni/faculty support (or lack thereof) for the actions of MIT’s various committees. The membership of the CJAC need not be tied to the UA, GSC, or any other power structure, as these rarely speak for MIT’s culture. The membership needn’t be important at all – everything it does should be dictated by a site like this one, which it should set up.

The community cannot provide feedback to the administration without knowing what the administration is doing and why. MIT should encourage relentless internal transparency. This transparency should include the minutes of all board and committee meetings where possible. Students/alumni/faculty should never be asking why some decision was made – they should be asking why their opinion wasn't brought up in the meeting.

I doubt the majority of the MIT community would have supported a neutral stance. The goal of these two recommendations is to responsibly reduce the activation energy required to present an opinion to those who speak for this community.

The MIT I chose to attend is a place that espoused an enthusiastic support of individuality and creativity in the face of administrative silliness or bureaucracy. In everywhere from tour guides to admissions blogs, famous hacks are immortalized students are encouraged to have a sense of well-measured irreverence with respect to rules that shouldn't apply to whatever circumstances. After just a year of being here I've come to the bitter realization that practically speaking, MIT's leadership doesn't seem to really care about protecting its students or affiliates who actually do break rules that they think are unnecessary. How can we brag about hackers putting 153 LEDs on the windows of the Green Building, but not support a student who wears a sweatshirt with blinking lights to an airport? MIT seems to only want the playful image of hacker culture, like extremely visible hacks on the dome or what have you, but doesn't want to deal with any of the intellectual consequences, like supporting people who want free information (and free information, let's not forget, is one of the most important of MIT's values). My understanding of MIT's administration's actual support of hacker culture has boiled down to a cynicism that MIT is only looking for some good publicity. Luckily, that's not the case in the actual MIT community, which is filled with hackers and their supporters -- else I might have given up in despair long ago and left.

When I first applied to MIT, I read stories where the dean would come to a football game to get his boyish hacker students out of hot water. I read stories where professors would pay their students' bail when they got caught in places they shouldn't be, and other romantic tales about kids pulling pranks. But hacker culture goes a lot farther than simple pranks. Hacker culture has an enormous intellectual movement behind it that has been growing and maturing for decades. MIT needs to choose to either support it fully or let it fall by the wayside officially -- but either way, Aaron Swartz's death has shown to us that it's a bad idea to send these mixed messages any longer. MIT as a community, in my opinion, is a proponent of hacker culture -- so the most logical step is for the administration to be willing to represent this with a little more courage.

I know that the MIT administration is fully capable of taking more firm stances in support of the ideals of hackers. The administration has shown, time and again, that it is in fact a pretty morally-directed, motivated bunch of people. Look at all the resources being pooled into OCW and edX, or summer programs to help kids in high school. But taking the next step of supporting MIT community members openly in the face of the often unjust law is a much harder one -- one that will have negative consequences for MIT as an institution, or the admins as individuals, or what-have-you. But I believe it's something we truly have to do. And if MIT's ruling bodies were to actually take these measures to support people in the face of legal trouble, I think our community would be a lot more whole and happy.

A hack should never materially harm its "victim." When a hacker is caught the hacker must be prepared to acknowledge and apologize for the act. It is foolish to confuse "hacking" with civil disobedience or protest. The heroes of landmark civil disobedience have no fear of jail, they are willing to pay that price to be heard and to force change. That is a heavy commitment. Perhaps the trouble is in this digital age a "hack" has to be more carefully considered.

MIT is not a state, it is not a nation, it is an educational institution that operates under the laws of Massachusetts and the United States of America. Acts that are confined to the private property of the institution can be forgiven by the institution. Acts that extend beyond institution property will trigger a response by higher authority.

Hacking, and related disobedient things, will always happen. It is impossible to stop them. The question is whether they will happen within the framework of a larger supportive community, or alone by individuals. If people get worried about the consequences that will be brought down upon them by the administration, the less likely they will be to seek out other people to hack with. Hacking will still happen, but it will be by secret disjoint groups not in communication with each other. There will be more damage, more injuries, and fewer "hacks," all of which soil the MIT image.

Of course the administration cannot condone hacking, as it is fundamentally illegal. But when it comes time for punishments to be handed out, perhaps the following guideline could be used:
If there is no property damage, and nobody is hurt, then the individuals' actions were of no consequence to the institute, and they will suffer none from the institute.

I believe that the hacker culture thinks that they are so brilliant that they alone can decide when to release information and not have to abide by the rest of society. They are naive to believe that they can change mankind by releasing information free of charge. Aaron Schwartz fits in with Julian Assange, Edward Snowden and Bradley Manning (who likies to be called Chelsea now). They all thought that they were so brilliant in an area other than computors, that they could decide what they could release even though they were devious, dishonest and cowardly. Their education belies their brilliance, which appears to be only in hacking computors. It doesn't matter that Assasage won't go to Sweden to face two sexual charges or that Snowden is a traitor to the U.S. and has taken asylum in Russia. Because of him I'm sure that Russia and China now knows how our espionge works and it could hurt me personally.
If Schwartz had not committed suicide, MIT never would have released a report. He had a chance to accept a six month prision term for illegaly breaking into JSTOR which costs MIT money to maintain. He had previously illegally downloaded PACER and did not have any consequences. What was his next project after JSTOR? It was his decision to commit suicide and not accept the six month prison term. Many people do not like to take responsibility for their actions.
While many professors at MIT are passionately for openness they don't seem to think that openness needs to be balanced by responsibility and take into account the repercussions.it might have on others. I believe that openness needs to be tempered as a policy of MIT. As an alumi, my only course is to withhold my contributions if MIT becomes more liberal.

Are we talking computer hackers? or are we talking the MIT IHTFP? I'm assuming the latter.
In which case, per hacks.mit.edu:

"The word hack at MIT usually refers to a clever, benign, and "ethical" prank or practical joke, which is both challenging for the perpetrators and amusing to the MIT community (and sometimes even the rest of the world!). Note that this has nothing to do with computer (or phone) hacking (which we call "cracking")."

I don't think this applies at all here. In fact, from my view of it as a 6er, a "computer hacker" is usually not a complement. In fact, I usually label my ugly pieces of code a "hack". If we're suggesting that Aaron was MIT IHTFP hacking with his actions, then I beg to differ.

The reason the administration can deal with IHTFP hacking, is the "ethical" factor that they often look the other way as rules are bent or broken. Breaking the _law_ clearly violates the "ethical" agreement for hacking.

Innovation requires a playful attitude towards rules and authority--not necessarily one of rebellion, but of a willingness to question everything. The hackers know this, as do the students carrying out hidden experiments in their dorm rooms, and the builders sawing and soldering in their hallways. The MIT I know and love is a place that supports those who ask the right questions, teaches those who find the wrong answers, and only punishes those who seek out harm for others.

@rdeits, HEAR HEAR!
MIT is first and foremost a place of education. When people push at the boundaries or flex the rules for the sake of learning or dissemination of knowledge, MIT has been remarkably lenient and encouraging. Let's try to keep "for the sake of education" foremost in mind when making Institute policy decisions and disciplinary decisions because that's what makes the MIT classroom bigger than all the lecture halls.

MIT needs to pick a side. Remaining passive in a discussion like this is not enough, and MIT has tried to absolve itself of blame by saying that it did nothing. Doing nothing, in this case, was a problem.

"devious, dishonest and cowardly" is now a meme, isn't it? That, or great minds think alike @wilsonl, fhaeussler... didn't expect that kind of behaviour around here.

Hard to say what wasn't already said by others (and better) here and on https://swartz-review.mit.edu/node/284 . MIT's involving law enforcement wasn't their big mistake; their self-imposed neutrality afterwards was. In a faux-diplomatic refusal to take sides in one of the questions where there *are* such things at black and white (at no personal cost, and in agreement with most of their staff and student body), they proved themselves unworthy of their job. I can't think of any negative effects on anyone from MIT personally, or on MIT as a whole (a private university -- not that this should matter in theory), that could have resulted from a clear statement opposing SOPA, CFAA and the concept of copyright on research findings altogether (we are not talking incitement here). If this was preemptive obedience, it failed to preempt anything. All the more shameful.

@rdeits:
Your comment is completely correct, yet incomplete. While innovation requires a playful attitude toward rules, it still relies on society, and societies do need rules. The beauty of places like MIT is that they provide mini-societies with fewer rules. But Swartz's actions, playful or not, broke the rules (and servers!) outside of that mini-society. (Admittedly, the CFAA prosecution concerned a violation of MIT's rules, a difficult state of affairs described in the report.) That, to me, is why this "hack" is different than someone tooling in the EC courtyard.

The question should not be what can MIT learn for its hacker culture, but rather, how did MIT fail to learm FROM it? I couldn't have said it better than darij that the self-imposed "neutrality" and faux diplomacy was shameful. "All that is necessary for evil to exist is for good people to do nothing" could not have been illustrated more completely.

Regarding calling in law enforcement, it has been many years since I walked the halls as an undergrad, but MIT must really have changed if finding a laptop (...even in a closet...in the basement...under a box) prompted someone to call the police. Yes, the hacker culture sees some rules as "flexible" and some rules may be more "flexible" than others, but MIT has had a tradition of respecting creativity and dealing with infractions internally in order to foster its unique environment. Calling in the Cambridge police (which, in my opinion, started the snowball effect) is inexcusable in such an environment. If the MIT Police representative didn't know how to handle the laptop situation, he should have asked some hackers for advice.

A fellow grad student came to campus about a month before Aaron's arrest. A few weeks after Aaron's arrest, he was scraping some data (legally) on the order of his PI and got a stop warning from IS&T. Nothing happened to him but, as you can imagine, he was terrified.

A year later, shortly after Aaron's death, he told me that he had spent his first 1.5 years (of a 2 year master's) believing that MIT was a locked down, bureaucratic, CYA, "get permission in triplicate or else" sort of place, and that it had negatively impacted his (totally legal) research.

Places like MIT get to the top because they innovate, and then they have a very, very hard line to walk, balancing the risk-aversion of a leader with the dangerous conservatism which prevents it from taking sufficient risks (or supporting its internal risktakers) to maintain its leading position. IMHO, in many respects, MIT is falling too far on the conservative, risk-averse side of the line.

It is important, not only ideologically but for the long-term success of the institution, that MIT err on the side of supporting its risktakers at every level. Put another way: if MIT were to die, the thing to kill it would not be a student or researcher breaking a law, but creating a conservative, risk-averse, culture where we lose our edge and then our lead.

"Thoughtful rulebreaking" is is more than a hacker credo - it is the core of MIT.